Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability
TL;DR 📌
A high-severity vulnerability has been identified in the Cisco Integrated Management Controller (IMC) Virtual Keyboard Video Monitor (vKVM). This vulnerability allows unauthenticated remote attackers to redirect users to malicious websites, potentially capturing sensitive information. Cisco has released software updates to address this issue, and there are no workarounds available.
What happened 🕵️♂️
A vulnerability in the vKVM connection handling of Cisco IMC could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability arises from insufficient verification of vKVM endpoints. Attackers can exploit this by persuading users to click on crafted links, leading to potential credential capture.
Affected products 🖥️
The following Cisco products are affected if they are running a vulnerable software release:
- Catalyst 8300 Series Edge uCPE
- UCS Manager Software
- UCS B-Series Blade Servers
- UCS C-Series M6, M7, and M8 Rack Servers
- UCS E-Series Servers M6
- UCS X-Series Modular System
Additionally, Cisco appliances based on preconfigured versions of the affected UCS C-Series Servers are also vulnerable.
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 4.18 and earlier | 4.18.1 | |
| 4.1 and earlier | Migrate to a fixed release. | |
| 4.2 | 4.2(3p) | |
| 4.3 | 4.3(6a) | |
| 6.0 | Not vulnerable. | |
| 4.2 | 4.2(3o) | |
| 4.3 | 4.3(5c) | |
| 4.2 | 4.2(3l) | |
| 5.1 | Migrate to a fixed release. | |
| 5.2 | Migrate to a fixed release. | |
| 5.3 | 5.3(0.250001) | |
| 5.4 | Not vulnerable. | |
| 5.0 | 5.0(4i) | |
| 4.3 | 4.3(5.250001) | |
| 4.15 and earlier | 4.15.2 | |
| 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds that address this vulnerability.
Risk in context 🎯
With a CVSS score of 7.1, this vulnerability is rated as High. The risk is significant due to the potential for unauthenticated remote exploitation, which could lead to credential capture and further compromise of systems. Organizations should prioritize patching affected systems as soon as possible.
Fast facts ⚡
- Vulnerability: Open Redirect in vKVM
- CVSS Score: 7.1 (High)
- Exploitation: Requires user interaction (clicking a link)
- Impact: Credential capture via malicious redirection
- Workarounds: None available
- Fixed Software: Updates released by Cisco
For leadership 🧭
This vulnerability poses a High risk to our organization, with a CVSS score of 7.1. It is exploitable by unauthenticated remote attackers through crafted links, potentially leading to credential theft. Immediate remediation is required, with a recommendation to patch within 7 days. The operational impact is expected to be minimal, involving a brief maintenance window with no anticipated configuration drift.
Now: Identify affected systems and schedule updates.
Next: Apply the necessary software updates as per Cisco’s guidance.
Later: Monitor for any signs of exploitation and review security policies to mitigate similar risks in the future.